CIS Controls
CIS Controls
Our working method
Many companies today still struggle with their security. They want to know where they stand and what they can do to take their cyber security to the next level. Working with these issues, NFIR developed a tool that not only looks at the current status of cyber security, but also helps you formulate steps you need to take to take your cyber security to the next level.
Intrusion Detection and Vulnerability Scans
The first step is an inventory of what the as an organization is already doing and what is missing. We test this against CIS, the Center for Internet Security. CIS is a community-driven nonprofit organization responsible for the CIS Controls and CIS Benchmarks, globally recognized best practices for securing IT systems and data.
Who do we offer Security Monitoring to?
Once you know where you stand, the journey actually begins. To take your cyber security to the next level and eliminate potential threats, it is important to know what steps to take. NFIR’s tool will help you create a roadmap, making it clear to you what you can do.
-
Fase 1: Inventarisatie en assessment
Op basis van beschikbare informatie en interviews krijgen we inzicht in het huidige beleid en reeds genomen maatregelen.
-
Fase 2: Vastleggen van het securitybeleid
Met onze tool bepalen we waar u nu staat, wat uw organisatie al aan securitymaatregelen heeft genomen en wat er nog ontbreek. Hierin wordt er gemeten tegen een gemiddelde van de industrie waarin u zich bevindt.
-
Fase 3: Analyse en prioritering van nog te nemen maatregelen
Onze tool bepaald een stappenplan voor uw organisatie om direct aan de slag te kunnen. De berekening van dit stappenplan houdt rekening met allerlei factoren, zoals kosten, complexiteit maar ook het normenkader van ISO en securitymaatregelen.
-
Fase 4: Rapportage, overdracht en oplevering CSAT tool
U ontvangt een rapportage met de belangrijkste bevindingen van dit adviestraject. Vervolgens wordt de tool overgedragen aan uw organisatie, zodat u deze zelf in gebruik kunt nemen. U krijgt een eigen CSAT-omgeving zodat u ook uw voortgang kunt bijhouden en inzichtelijk hebt wat de te nemen stappen zijn in de juiste volgorde.
An enterprise-specific security roadmap
The list generated by our tool can be seen as a security policy roadmap. Because the tool takes into account your current status and where you want to go, this roadmap is unique and applicable specifically to your organization. The tool is then transferred to you, allowing you to get started on the advice immediately. It is also possible to track the steps you take in the tool. This makes it easy to show where you are, what steps you still need to take and where you want to go.
CIS Controls and CIS Benchmarks.
Security Information and Event Management (SIEM) and Security Operation Center (SOC) incorporated into a complete Security Monitoring service. A fully automated solution where your organization no longer needs to interpret data and is completely unburdened.
What is Security Monitoring?
CSAT puts you more in control on the total security policy, which allows you to reference CSAT from ISMS. A mapping is present between the CIS Controls and the ISO 27001.
How is network traffic monitored?
NFIR produces a report containing the weighted list of recommendations, a proposed roadmap. In addition, you get standard 2-year access to the online environment to track progress. During these 2 years we make 2 more appointments to see how things are going and answer any questions.
How can security monitoring help secure my network?
NFIR has been a partner of CIS for many years, which is why we use CIS Controls v8 to complete the tool.
On what basis does NFIR develop its monitoring service?
NFIR’s security monitoring specialists are working on the development of the Insights platform every week. They process the information from devices in your network and analyse it using machine learning and proven detection rules.
From which sources does NFIR get the information for the dashboard?
By default, we assume a number of on-site sessions that can be scheduled by mutual agreement. After that, it takes about 4 weeks to make the report.
How is network traffic monitored?
In most cases, yes. Security is such a vast field that by using an internationally recognized framework, there is a clearer picture of how well you are really doing. This will give you insight into whether you have covered all facets of cyber security, where any weaknesses are and how to strengthen them.